In pure Layer 2 and Multiprotocol Label Switching (MPLS) networks (which are Layer 2+, sometimes referred to as Layer 2.5), continuity techniques exist for detecting failures or implementing other changes in the data path. The Internet Architecture Board (IAB) describes an attack on the core routing infrastructure as an ideal attack that would inflict the greatest amount of damage. It recommends that live connectivity protocols protect their frames from third-party intrusion attempts by authenticating all of them. However, authenticating these frames is very resource intensive. Most conventional systems have no support for cryptography in the data path. Moreover, performing an integrity check on each and every continuity frame is expensive, from both a resource and a time perspective. This rules out implementing the solution in software. Implementing the solution in hardware would require cryptography in hardware, which would make the solution expensive and incompatible with currently deployed systems. Continuity techniques such as BFD and CCMs require message transmission at a high frequency (e.g., 3.3 ms, etc.) to detect the failure of the network path. RFC 6862, “Keying and Authentication for Routing Protocols (KARP) Overview, Threats, and Requirements,” (March 2013), the contents of which are incorporated by reference herein, states that the BFD protocol needs to be protected from replay attacks and that an integrity check associated with a message fails if an attacker tries to replay the message with a different origin.
The hash computation for an integrity check therefore has to be performed in software even when hardware is used for live connectivity verification. This simply adds cost and implementation complexity without adding to the sanctity of the connection.
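The per-frame check discussed above, sketched as an added example that is not part of the original text: a keyed hash binds each continuity frame to its origin and a sequence number, so a replay from a different origin fails the integrity check and a replay from the same origin fails the sequence check. The frame layout, the 4-byte origin, the key handling and all function names are assumptions made for illustration; this is not the BFD or CCM wire format.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # full HMAC-SHA256 tag

def build_frame(key, origin, session_id, seq):
    """Constructed layout (assumption): 4-byte session id, 4-byte sequence, tag.
    The 4-byte origin is covered by the tag but not carried in the frame."""
    body = struct.pack("!II", session_id, seq)
    return body + hmac.new(key, origin + body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = {}  # (origin, session_id) -> highest sequence accepted

    def accept(self, observed_origin, frame):
        """observed_origin is the source the receiver actually saw the frame from."""
        if len(observed_origin) != 4 or len(frame) != 8 + TAG_LEN:
            return "malformed"
        body, tag = frame[:8], frame[8:]
        expected = hmac.new(self.key, observed_origin + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "bad-integrity"
        session_id, seq = struct.unpack("!II", body)
        slot = (observed_origin, session_id)
        if seq <= self.last_seq.get(slot, -1):  # state changes only after the tag verifies
            return "replay"
        self.last_seq[slot] = seq
        return "ok"

def hashes_per_second(interval_ms, sessions):
    """Hash computations per second needed to check every frame in one direction."""
    return round(sessions * 1000 / interval_ms)

if __name__ == "__main__":
    key = b"k" * 32                   # constructed sample key
    node_a = bytes([10, 0, 0, 1])     # constructed sample origins
    node_b = bytes([10, 0, 0, 2])
    rx = Receiver(key)
    frame = build_frame(key, node_a, 7, 1)
    print(rx.accept(node_a, frame))   # first delivery
    print(rx.accept(node_a, frame))   # same frame again, same origin
    print(rx.accept(node_b, frame))   # same frame presented from another origin
    print(hashes_per_second(3.3, 1000))
```

At the 3.3 ms interval mentioned above, `hashes_per_second` shows how the verification load grows with the number of monitored sessions, which is the cost the text objects to.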